Generating a certificate signing request

The req command is used to generate a CSR. The most basic form of this command specifies the name of the key file you created in the previous step and the name of the output file, which must have a *.csr extension.

The following example also includes the -SHA256 option, which creates a certificate using the SHA256 signature algorithm.

  • Windows

    OpenSSL> req -new -key key-filename.pem -out cert.csr -SHA256

  • Linux

    $ openssl req -new -key key-filename.pem -out cert.csr -SHA256

When you enter the command, you will be prompted to provide the following information. This information is used to create a distinguishing name (DN) for the certificate.

  • The two-letter code for your country, such as US or DE
  • The full name of your state or province
  • Your city or town
  • The name of your organization
  • The name of the unit within your organization
  • Your name or the host name of the system
  • Your email address
  • A challenge password – This is not related to the password you assigned when creating the private key. Leave blank unless you understand when and how to use it.
  • Company name – Optional